Safeguarding critical infrastructure from the next Stuxnet

By Francis deSouza, senior vice president, Enterprise Security Group, Symantec, Network World

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

While it has been disturbing to see Internet threats become driven by financial gain, Stuxnet signals the arrival of something more worrisome: a new class of threat designed to seize and control critical infrastructure.

Stuxnet is one of the most complex threats observed to date. Not only did it utilize interesting antivirus evasion techniques and complex process injection code, it also pioneered new frontiers in virus design, including the use of four separate zero-day vulnerabilities and the first-ever rootkit designed specifically for programmable logic controller systems.

Most notable, however, is the fact that it was designed to reprogram industrial control systems -- computer programs used to manage industrial environments such as power plants, oil refineries and gas pipelines. It is the first known malware designed to specifically target such systems with the goal of impacting real-world equipment and processes.

Stuxnet's ultimate objective was to alter the speed at which certain frequency converter drives -- power supplies that control the rotational speed of electric motors -- operated. Stuxnet targeted only systems with drives that functioned at a certain frequency, most notably gas-centrifuge-based systems used in uranium enrichment. Altering the frequencies of the drives, as Stuxnet is designed to do, will effectively sabotage the enrichment procedure, likely damaging the affected centrifuges in the process.

Much of the threat posed by Stuxnet has been neutralized, but this epochal change in the threat landscape still raises many troubling questions. Enterprises that run or manage critical infrastructure have much to learn from Stuxnet. For those charged with the management of industrial control systems, implementing specific recommended defenses can spell the difference between a safeguarded, properly functioning system and an infected one.

What follows is a breakdown of best practices to help erect a defense-in-depth barrier to this new type of threat.


Originally published on Network World.